Last active
March 9, 2019 08:41
-
-
Save huangsam/8a44dd0b122f0f12850edb34fabe1ca6 to your computer and use it in GitHub Desktop.
Bind nameserver demo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| yum install bind bind-utils -y | |
| vi /etc/named.conf | |
| vi /var/named/mydomain.com.zone | |
| systemctl start named | |
| systemctl status named | |
| dig @localhost mydomain.com | |
| dig @localhost www.mydomain.com | |
| dig @localhost win.mydomain.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TTL 86400 | |
| @ IN SOA ns1.mydomain.com. root.mydomain.com. ( | |
| 2013042201 ;Serial | |
| 3600 ;Refresh | |
| 1800 ;Retry | |
| 604800 ;Expire | |
| 86400 ;Minimum TTL | |
| ) | |
| ; Specify our nameserver | |
| IN NS ns1.mydomain.com. | |
| ; Resolve nameserver hostnames to IP, replace with your IP addresses. | |
| ns1 IN A 10.0.2.15 | |
| ; Define hostname -> IP pairs which you wish to resolve | |
| @ IN A 10.0.2.99 | |
| www IN A 10.0.2.100 | |
| win in A 10.0.2.101 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // named.conf | |
| // | |
| // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS | |
| // server as a caching only nameserver (as a localhost DNS resolver only). | |
| // | |
| // See /usr/share/doc/bind*/sample/ for example named configuration files. | |
| // | |
| // See the BIND Administrator's Reference Manual (ARM) for details about the | |
| // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html | |
| options { | |
| listen-on port 53 { 127.0.0.1; }; | |
| listen-on-v6 port 53 { ::1; }; | |
| directory "/var/named"; | |
| dump-file "/var/named/data/cache_dump.db"; | |
| statistics-file "/var/named/data/named_stats.txt"; | |
| memstatistics-file "/var/named/data/named_mem_stats.txt"; | |
| recursing-file "/var/named/data/named.recursing"; | |
| secroots-file "/var/named/data/named.secroots"; | |
| allow-query { localhost; }; | |
| allow-transfer { localhost; }; | |
| /* | |
| - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. | |
| - If you are building a RECURSIVE (caching) DNS server, you need to enable | |
| recursion. | |
| - If your recursive DNS server has a public IP address, you MUST enable access | |
| control to limit queries to your legitimate users. Failing to do so will | |
| cause your server to become part of large scale DNS amplification | |
| attacks. Implementing BCP38 within your network would greatly | |
| reduce such attack surface | |
| */ | |
| recursion yes; | |
| dnssec-enable yes; | |
| dnssec-validation yes; | |
| /* Path to ISC DLV key */ | |
| bindkeys-file "/etc/named.iscdlv.key"; | |
| managed-keys-directory "/var/named/dynamic"; | |
| pid-file "/run/named/named.pid"; | |
| session-keyfile "/run/named/session.key"; | |
| }; | |
| logging { | |
| channel default_debug { | |
| file "data/named.run"; | |
| severity dynamic; | |
| }; | |
| }; | |
| zone "." IN { | |
| type hint; | |
| file "named.ca"; | |
| }; | |
| zone "mydomain.com" IN { | |
| type master; | |
| file "mydomain.com.zone"; | |
| allow-update { none; }; | |
| }; | |
| include "/etc/named.rfc1912.zones"; | |
| include "/etc/named.root.key"; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some helpful resources I consulted while doing this experiment.
DigitalOcean: How To Install the BIND DNS Server on CentOS 6
YouTube: BIND - named service for DNS